Intel Researchers Sneak Up on Rootkits

Intel researchers, as part of a greater focus on security, have developed a way to detect rootkits and other malware. Although still in the research stage, it could be added to future Intel hardware platforms.

Intel Corp.'s researchers are working to outwit cyber attackers, including those employing stealthy rootkits.

The chip maker's Communications Technology Lab, in a project called System Integrity Services, has created a hardware engine to sniff out sophisticated malware attacks by monitoring the way operating systems and critical applications interact with hardware inside computers.

By watching a computer's main memory, System Integrity Services can detect when an attacker takes control of the system. Such attacks sever the ties between data loaded into memory by an application and the application itself, and can fool a system so as to avoid detection while potentially allowing for surreptitious pilfering of data or the perpetration of other attacks.

"Our threat model assumes that the attacker gets on the system somehow and has unrestricted access to the system," said Travis Schluessler, a security architect inside Intel's Communications Technology Lab.

System Integrity Services "assumes [the attacker] will modify what's running in memory to fool anti-virus software or change firewall rules…so as to put the system in state where he can do whatever he wants."

The System Integrity Services hardware, however, can detect those intrusions by monitoring the interactions between the applications and memory.

Once it discovers an intrusion, it can issue an alert. Thus, it sets the bar much higher for malware to compromise a system without being detected, Schluessler said.

To prove its effectiveness, researchers tested the system with a kernel debugger, an application whose behaviors and ability to make system changes are similar to those of a rootkit, he said.

Although it might not make it to market immediately, Intel's anti-malware research comes at a time when anti-virus vendors are struggling to cope with the use of stealth rootkits in malware attacks.

Using rootkit techniques, malware writers are able to gain administrative access to compromised machines to silently run updates to the software or reinstall malicious programs after a user deletes them.

If it were to be put into a product platform, Intel's System Integrity Services could be used in conjunction with other elements, including the Intel Active Management Technology for monitoring hardware, and could also be used in concert with other research projects such as Circuit Breaker.

Circuit Breaker, a research project that might also someday find its way into products, regulates an infected computer's access to a network.

Such a combination might help quickly head off widespread infections, which can cost companies not only in data theft but also in reduced employee productivity due to computer downtime and heavy use of IT resources to clean them up, the Intel researcher said.

Indeed, in one example, "Once System Integrity Services has detected a problem, it can tell Circuit Breaker to turn [a machine] off the primary network and switch it over to a remediation network," he said.
